nokycnumber
Get a number

Privacy

How we treat data — what we collect, what we don't, what we keep, and for how long.

Last updated ·

We built NoKYCNumber so that wanting a phone number doesn't require giving up your identity. That stance shapes everything below.

What we don't collect

  • No name. We never ask for one.
  • No email or phone. No address, no nationality, no proof of identity.
  • No analytics. No Google Analytics, no Facebook Pixel, no Hotjar, no third-party trackers of any kind. Our pages load no JavaScript, fonts, or scripts from any external service except our own server and FixedFloat once you reach the cryptocurrency checkout.
  • No advertising IDs. Nothing we collect is shared with ad networks because we don't do advertising.

What we do collect

For each order

  • Order ID — a random 10-character identifier we generate. Not derived from any personal data.
  • Selection metadata — country, number type (mobile/landline), billing period, AI add-ons chosen, premium tier flag.
  • Payment metadata — cryptocurrency used, on-chain transaction ID (which is already public on the blockchain), payment timestamps, FixedFloat invoice ID.
  • Number assigned — the actual phone number, kept while the line is active.

For abuse prevention only

  • IP-hash — we keep the first 16 bits of a SHA-256 hash of your IP address for 30 days, then delete. This can't be reversed to your IP, but lets us correlate fraud signals across short windows.
  • User-Agent header (first 200 characters) — same retention, same purpose.

What we never log

  • Call audio. We route voice through carriers; we don't record, store, or analyse audio.
  • SMS content sent in or out. We deliver inbound SMS to your panel and route your outbound SMS, but we don't archive bodies on our servers. They live in the panel until you delete them.
  • Voicemails are stored — when you receive one, we transcribe and store it in the panel for your access. You can delete them at any time, after which they're gone from our backups within 7 days.

Cookies and storage

One cookie: nkyc_sess. It is HttpOnly, Secure, SameSite=Lax, and expires when you close the browser. We do not set persistent identifiers, and we don't read or write any other cookies.

The /get/ checkout flow uses sessionStorage to remember your in-progress cart between page reloads. That data lives only in your browser and is wiped when you close the tab.

Cryptocurrency and on-chain privacy

Most blockchains are public ledgers. Bitcoin, Ethereum, Litecoin, USDT, USDC, and similar transactions are visible to anyone with the address. If on-chain privacy matters to you, pay in Monero. Monero's ring signatures and stealth addresses obscure sender, receiver, and amount.

On our side, all incoming non-Monero payments are settled to Monero through FixedFloat before reaching our internal wallets. Once a payment lands with us, on-chain forensics stop at the swap.

Data retention

  • Order JSON — kept for 18 months after the line is canceled, for accounting and dispute resolution.
  • IP-hash and User-Agent logs — 30 days, then deleted.
  • Voicemails / SMS in your panel — until you delete them, then 7 days in backup, then gone.
  • Backend application logs — 30 days unless retained for an active investigation.
  • Payment transaction IDs — kept indefinitely (they're public on-chain anyway).

We comply with valid legal requests issued under the laws of the jurisdiction where the operator is registered. Because we collect very little, we have very little to hand over: order ID, dates, payment txid, IP-hash if within the 30-day window, country selected, and the assigned number. We do not have your name, email, address, or identity documents — because we never asked.

We do not respond to informal requests, fishing expeditions, or law-enforcement requests from jurisdictions where we have no legal nexus.

Warrant canary

We maintain a quarterly warrant canary at /canary/. If the canary is not updated on schedule, the absence is itself a signal. We won't comment further on what an absent canary means.

Your rights

Under most data protection regimes (GDPR, UK GDPR, CCPA, LGPD, and similar), you have the right to access, correct, or delete the data we hold about you. Send your order ID to the contact channel in your panel; we respond within 30 days. We can't reset what we don't have, but we'll confirm the absence as well as the presence.

Changes

This page changes when our practices change. The date at the top reflects the last revision. Material changes are announced on the homepage for 30 days before they take effect.

Contact

For privacy-specific questions, use the contact channel listed in the panel after placing an order.